1723e4046Schristos
/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2004-2007
 *
 */
10723e4046Schristos
11723e4046Schristos #include <stdlib.h>
12723e4046Schristos #include <stdio.h>
13723e4046Schristos #include <syslog.h>
14723e4046Schristos #include <string.h>
15723e4046Schristos #include <netdb.h>
16723e4046Schristos
17723e4046Schristos #include "trousers/tss.h"
18723e4046Schristos #include "trousers_types.h"
19723e4046Schristos #include "tcs_tsp.h"
20723e4046Schristos #include "tcs_utils.h"
21723e4046Schristos #include "tcs_int_literals.h"
22723e4046Schristos #include "capabilities.h"
23723e4046Schristos #include "tcslog.h"
24723e4046Schristos #include "tcsd_wrap.h"
25723e4046Schristos #include "tcsd.h"
26723e4046Schristos #include "tcs_utils.h"
27723e4046Schristos #include "rpc_tcstp_tcs.h"
28723e4046Schristos
29723e4046Schristos
/*
 * RPC wrapper for TCSP_CreateEndorsementKeyPair_Internal.
 *
 * Unmarshals the request from data->comm, runs the TCSP call under
 * tcsp_lock and marshals the reply back into data->comm.  The value this
 * function returns only reports packet (un)marshalling trouble; the TSS
 * result of the operation itself is carried in data->comm.hdr.u.result.
 */
TSS_RESULT
tcs_wrap_CreateEndorsementKeyPair(struct tcsd_thread_data *data)
{
	TCS_CONTEXT_HANDLE hContext;
	TCPA_NONCE antiReplay;
	UINT32 eKPtrSize;
	BYTE *eKPtr;
	UINT32 eKSize;
	BYTE *eK;
	TCPA_DIGEST checksum;
	TSS_RESULT result;
	int packFailed;

	/* Request layout: [0] context handle, [1] anti-replay nonce,
	 * [2] length of the EK parameter blob, [3] the blob itself. */
	if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* The handle is checked before anything else is read; a bad handle
	 * is answered with an empty reply carrying the error code. */
	result = ctx_verify_context(hContext);
	if (result)
		goto reply_error;

	LogDebugFn("thread %ld context %x", THREAD_ID, hContext);

	if (getData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	if (getData(TCSD_PACKET_TYPE_UINT32, 2, &eKPtrSize, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* NOTE(review): eKPtrSize comes straight from the request and is used
	 * as the allocation size before getData() has confirmed that many
	 * bytes are present.  Whether getData() bounds it against the packet
	 * is not visible here -- confirm, and cap it if it does not. */
	eKPtr = calloc(1, eKPtrSize);
	if (eKPtr == NULL) {
		LogError("malloc of %u bytes failed.", eKPtrSize);
		return TCSERR(TSS_E_OUTOFMEMORY);
	}
	if (getData(TCSD_PACKET_TYPE_PBYTE, 3, eKPtr, eKPtrSize, &data->comm)) {
		free(eKPtr);
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}

	/* Calls into the TCSP layer are serialised under tcsp_lock. */
	MUTEX_LOCK(tcsp_lock);
	result = TCSP_CreateEndorsementKeyPair_Internal(hContext, antiReplay, eKPtrSize, eKPtr,
							&eKSize, &eK, &checksum);
	MUTEX_UNLOCK(tcsp_lock);

	free(eKPtr);

	if (result != TSS_SUCCESS)
		goto reply_error;

	/* Reply layout: [0] key size, [1] key blob, [2] checksum digest.
	 * eK is owned by this function from here on and is released exactly
	 * once, whether or not the first two fields could be packed. */
	initData(&data->comm, 3);
	packFailed = setData(TCSD_PACKET_TYPE_UINT32, 0, &eKSize, 0, &data->comm) ||
		     setData(TCSD_PACKET_TYPE_PBYTE, 1, eK, eKSize, &data->comm);
	free(eK);
	if (packFailed || setData(TCSD_PACKET_TYPE_DIGEST, 2, &checksum, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	data->comm.hdr.u.result = result;
	return TSS_SUCCESS;

reply_error:
	/* Empty reply; the TSS error code travels in the header. */
	initData(&data->comm, 0);
	data->comm.hdr.u.result = result;
	return TSS_SUCCESS;
}
95723e4046Schristos
/*
 * RPC wrapper for TCSP_ReadPubek_Internal.
 *
 * Unmarshals the context handle and anti-replay nonce, runs the TCSP call
 * under tcsp_lock and returns the key blob plus its checksum in the reply.
 * The function's own return value reflects only packet (un)marshalling;
 * the TSS result of the operation goes into data->comm.hdr.u.result.
 */
TSS_RESULT
tcs_wrap_ReadPubek(struct tcsd_thread_data *data)
{
	TCS_CONTEXT_HANDLE hContext;
	TCPA_NONCE antiReplay;
	UINT32 pubEKSize;
	BYTE *pubEK;
	TCPA_DIGEST checksum;
	TSS_RESULT result;
	int packFailed;

	/* Request layout: [0] context handle, [1] anti-replay nonce. */
	if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* A bad handle is answered with an empty reply carrying the error. */
	result = ctx_verify_context(hContext);
	if (result)
		goto reply_error;

	LogDebugFn("thread %ld context %x", THREAD_ID, hContext);

	if (getData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* Calls into the TCSP layer are serialised under tcsp_lock. */
	MUTEX_LOCK(tcsp_lock);
	result = TCSP_ReadPubek_Internal(hContext, antiReplay, &pubEKSize, &pubEK, &checksum);
	MUTEX_UNLOCK(tcsp_lock);

	if (result != TSS_SUCCESS)
		goto reply_error;

	/* Reply layout: [0] key size, [1] key blob, [2] checksum digest.
	 * pubEK is released exactly once, whether or not packing succeeded. */
	initData(&data->comm, 3);
	packFailed = setData(TCSD_PACKET_TYPE_UINT32, 0, &pubEKSize, 0, &data->comm) ||
		     setData(TCSD_PACKET_TYPE_PBYTE, 1, pubEK, pubEKSize, &data->comm);
	free(pubEK);
	if (packFailed || setData(TCSD_PACKET_TYPE_DIGEST, 2, &checksum, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	data->comm.hdr.u.result = result;
	return TSS_SUCCESS;

reply_error:
	/* Empty reply; the TSS error code travels in the header. */
	initData(&data->comm, 0);
	data->comm.hdr.u.result = result;
	return TSS_SUCCESS;
}
143723e4046Schristos
/*
 * RPC wrapper for TCSP_OwnerReadPubek_Internal.
 *
 * Unmarshals the context handle and the owner authorization block, runs the
 * TCSP call under tcsp_lock and returns the (possibly updated) authorization
 * block together with the key blob.  The function's own return value
 * reflects only packet (un)marshalling; the TSS result of the operation is
 * placed in data->comm.hdr.u.result.
 */
TSS_RESULT
tcs_wrap_OwnerReadPubek(struct tcsd_thread_data *data)
{
	TCS_CONTEXT_HANDLE hContext;
	UINT32 pubEKSize;
	BYTE *pubEK;
	TSS_RESULT result;
	TPM_AUTH auth;
	int packFailed;

	/* Request layout: [0] context handle, [1] authorization block. */
	if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* A bad handle is answered with an empty reply carrying the error. */
	result = ctx_verify_context(hContext);
	if (result)
		goto reply_error;

	LogDebugFn("thread %ld context %x", THREAD_ID, hContext);

	if (getData(TCSD_PACKET_TYPE_AUTH, 1, &auth, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* Calls into the TCSP layer are serialised under tcsp_lock.  auth is
	 * passed by address, so the TCSP layer may rewrite it for the reply. */
	MUTEX_LOCK(tcsp_lock);
	result = TCSP_OwnerReadPubek_Internal(hContext, &auth, &pubEKSize, &pubEK);
	MUTEX_UNLOCK(tcsp_lock);

	if (result != TSS_SUCCESS)
		goto reply_error;

	/* Reply layout: [0] authorization block, [1] key size, [2] key blob.
	 * pubEK is released exactly once, whether or not packing succeeded. */
	initData(&data->comm, 3);
	packFailed = setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm) ||
		     setData(TCSD_PACKET_TYPE_UINT32, 1, &pubEKSize, 0, &data->comm) ||
		     setData(TCSD_PACKET_TYPE_PBYTE, 2, pubEK, pubEKSize, &data->comm);
	free(pubEK);
	if (packFailed)
		return TCSERR(TSS_E_INTERNAL_ERROR);

	data->comm.hdr.u.result = result;
	return TSS_SUCCESS;

reply_error:
	/* Empty reply; the TSS error code travels in the header. */
	initData(&data->comm, 0);
	data->comm.hdr.u.result = result;
	return TSS_SUCCESS;
}
191723e4046Schristos
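/*
 * RPC wrapper for TCSP_DisablePubekRead_Internal.
 *
 * Unmarshals the context handle and the owner authorization block, runs the
 * TCSP call under tcsp_lock and returns the authorization block in the
 * reply.  The function's own return value reflects only packet
 * (un)marshalling; the TSS result of the operation is placed in
 * data->comm.hdr.u.result.
 */
TSS_RESULT
tcs_wrap_DisablePubekRead(struct tcsd_thread_data *data)
{
	TCS_CONTEXT_HANDLE hContext;
	TSS_RESULT result;
	TPM_AUTH auth;

	/* Request layout: [0] context handle, [1] authorization block. */
	if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* Verify the context handle before it is used, as every other wrapper
	 * in this file does; this wrapper previously skipped the check.  A bad
	 * handle is answered with an empty reply carrying the error code. */
	if ((result = ctx_verify_context(hContext)))
		goto done;

	LogDebugFn("thread %ld context %x", THREAD_ID, hContext);

	if (getData(TCSD_PACKET_TYPE_AUTH, 1, &auth, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* Calls into the TCSP layer are serialised under tcsp_lock.  auth is
	 * passed by address, so the TCSP layer may rewrite it for the reply. */
	MUTEX_LOCK(tcsp_lock);
	result = TCSP_DisablePubekRead_Internal(hContext, &auth);
	MUTEX_UNLOCK(tcsp_lock);

	if (result == TSS_SUCCESS) {
		/* Reply layout: [0] authorization block. */
		initData(&data->comm, 1);
		if (setData(TCSD_PACKET_TYPE_AUTH, 0, &auth, 0, &data->comm))
			return TCSERR(TSS_E_INTERNAL_ERROR);
	} else {
done:
		/* Empty reply; the TSS error code travels in the header. */
		initData(&data->comm, 0);
	}

	data->comm.hdr.u.result = result;
	return TSS_SUCCESS;
}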
224723e4046Schristos
225723e4046Schristos #ifdef TSS_BUILD_TSS12
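/*
 * RPC wrapper for TCSP_CreateRevocableEndorsementKeyPair_Internal
 * (TSS 1.2 only).
 *
 * Unmarshals the request from data->comm, runs the TCSP call under
 * tcsp_lock and marshals the reply back into data->comm.  The value this
 * function returns only reports packet (un)marshalling trouble; the TSS
 * result of the operation itself is carried in data->comm.hdr.u.result.
 */
TSS_RESULT
tcs_wrap_CreateRevocableEndorsementKeyPair(struct tcsd_thread_data *data)
{
	TCS_CONTEXT_HANDLE hContext;
	TPM_NONCE antiReplay;
	UINT32 eKPtrSize;
	BYTE *eKPtr;
	TSS_BOOL genResetAuth;
	TPM_DIGEST eKResetAuth;
	UINT32 eKSize;
	BYTE *eK;
	TPM_DIGEST checksum;
	TSS_RESULT result;

	/* Request layout: [0] context handle, [1] anti-replay nonce,
	 * [2] length of the EK parameter blob, [3] the blob,
	 * [4] generate-reset-auth flag, [5] reset authorization digest. */
	if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* A bad handle is answered with an empty reply carrying the error. */
	if ((result = ctx_verify_context(hContext)))
		goto done;

	LogDebugFn("thread %ld context %x", THREAD_ID, hContext);

	if (getData(TCSD_PACKET_TYPE_NONCE, 1, &antiReplay, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	if (getData(TCSD_PACKET_TYPE_UINT32, 2, &eKPtrSize, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* NOTE(review): eKPtrSize comes straight from the request and is used
	 * as the allocation size before getData() has confirmed that many
	 * bytes are present.  Whether getData() bounds it against the packet
	 * is not visible here -- confirm, and cap it if it does not. */
	eKPtr = calloc(1, eKPtrSize);
	if (eKPtr == NULL) {
		/* UINT32 is unsigned: %u (was %d), matching the non-revocable
		 * wrapper above. */
		LogError("malloc of %u bytes failed.", eKPtrSize);
		return TCSERR(TSS_E_OUTOFMEMORY);
	}
	/* eKPtr must be released on every exit from here on. */
	if (getData(TCSD_PACKET_TYPE_PBYTE, 3, eKPtr, eKPtrSize, &data->comm) ||
	    getData(TCSD_PACKET_TYPE_BOOL, 4, &genResetAuth, 0, &data->comm) ||
	    getData(TCSD_PACKET_TYPE_DIGEST, 5, &eKResetAuth, 0, &data->comm)) {
		free(eKPtr);
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}

	/* Calls into the TCSP layer are serialised under tcsp_lock.
	 * eKResetAuth is passed by address and is sent back in the reply. */
	MUTEX_LOCK(tcsp_lock);
	result = TCSP_CreateRevocableEndorsementKeyPair_Internal(hContext, antiReplay,
			eKPtrSize, eKPtr, genResetAuth, &eKResetAuth, &eKSize, &eK, &checksum);
	MUTEX_UNLOCK(tcsp_lock);

	free(eKPtr);

	if (result == TSS_SUCCESS) {
		/* Reply layout: [0] reset auth digest, [1] key size, [2] key blob,
		 * [3] checksum digest.  eK is owned by this function from here on
		 * and is released exactly once. */
		initData(&data->comm, 4);
		if (setData(TCSD_PACKET_TYPE_DIGEST, 0, &eKResetAuth, 0, &data->comm) ||
		    setData(TCSD_PACKET_TYPE_UINT32, 1, &eKSize, 0, &data->comm) ||
		    setData(TCSD_PACKET_TYPE_PBYTE, 2, eK, eKSize, &data->comm)) {
			free(eK);
			return TCSERR(TSS_E_INTERNAL_ERROR);
		}
		free(eK);
		if (setData(TCSD_PACKET_TYPE_DIGEST, 3, &checksum, 0, &data->comm))
			return TCSERR(TSS_E_INTERNAL_ERROR);
	} else {
done:
		/* Empty reply; the TSS error code travels in the header. */
		initData(&data->comm, 0);
	}

	data->comm.hdr.u.result = result;

	return TSS_SUCCESS;
}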
308723e4046Schristos
/*
 * RPC wrapper for TCSP_RevokeEndorsementKeyPair_Internal (TSS 1.2 only).
 *
 * Unmarshals the context handle and the reset authorization digest, runs
 * the TCSP call under tcsp_lock and sends back an empty reply whose header
 * carries the TSS result.  The function's own return value reflects only
 * packet unmarshalling.
 */
TSS_RESULT
tcs_wrap_RevokeEndorsementKeyPair(struct tcsd_thread_data *data)
{
	TCS_CONTEXT_HANDLE hContext;
	TPM_DIGEST eKResetAuth;
	TSS_RESULT result;

	/* Request layout: [0] context handle, [1] reset authorization digest. */
	if (getData(TCSD_PACKET_TYPE_UINT32, 0, &hContext, 0, &data->comm))
		return TCSERR(TSS_E_INTERNAL_ERROR);

	/* Only a verified handle reaches the TCSP layer; otherwise the
	 * verification error is what the reply reports. */
	result = ctx_verify_context(hContext);
	if (!result) {
		LogDebugFn("thread %ld context %x", THREAD_ID, hContext);

		if (getData(TCSD_PACKET_TYPE_DIGEST, 1, &eKResetAuth, 0, &data->comm))
			return TCSERR(TSS_E_INTERNAL_ERROR);

		/* Calls into the TCSP layer are serialised under tcsp_lock. */
		MUTEX_LOCK(tcsp_lock);
		result = TCSP_RevokeEndorsementKeyPair_Internal(hContext, eKResetAuth);
		MUTEX_UNLOCK(tcsp_lock);
	}

	/* The reply carries no payload in either case. */
	initData(&data->comm, 0);
	data->comm.hdr.u.result = result;

	return TSS_SUCCESS;
}
339723e4046Schristos #endif
340